SushiSwap denies reports of billion dollar bug

SushiSwap denies reports of billion dollar bug

 404 total views

2021-09-23 10:08:23

Recently, one of the developers of SushiSwap denied the claims of a self-proclaimed white hat hacker about a security risk to SushiSwap liquidity providers.

SushiSwap denies reports of billion dollar bug

The developer behind the SushiSwap decentralized exchange has denied a vulnerability reported by a white hat hacker studying his smart contracts.

According to media reports, hackers claim to have identified a vulnerability that could put more than $1 billion worth of user funds at risk.

Hackers claim to have identified a “vulnerability in the Emergency Withdrawal function in two SushiSwap contracts, MasterChefV2 and MiniChefV2” – contracts that govern the exchange’s double reward farms and the pools on the exchanges. SushiSwap’s non-Ethereum token like Polygon, Binance Smart Chain, and Avalanche.

While the Emergency Withdraw function allows liquidity providers to instantly claim their LP tokens while losing their rewards in an emergency, the hacker claims the feature would fail without it. what rewards are held in the SushiSwap pool – forcing liquidity providers to wait for the pool to be manually refilled over the course of about 10 hours before they can withdraw their tokens.

“It can take about 10 hours for all the signers to agree to fund the rewards accounts and some empty reward pools several times a month.”

“The non-Ethereum implementation of SushiSwap and 2x reward (all using vulnerable MiniChefV2 and MasterChefV2 contracts) total over $1 billion. This means that this value is essentially untouchable for 10 hours several times a month.”

However, the developer of SushiSwap took to Twitter to refute the claims, with the platform’s “Shadowy Super Coder Mudit Gupta emphasizing that the threat described” is not a vulnerability “and is” incompetent. which property is at stake.”

Gupta clarified that “anyone” can top up the reward pool in an emergency, largely bypassing the 10-hour multi-sig process that hackers claim is necessary to replenish. reward.

“The hacker’s claim that someone can stake more lp to withdraw rewards faster is incorrect. The reward for each LP will decrease if you add more LP.”

The hackers said they were instructed to report a vulnerability on the Immunefi platform, where SushiSwap is offering rewards of up to $40,000 to users who report a risky vulnerability in their code.

The hacker noted that the issue was closed on Immunefi without the bounty, as SushiSwap said it was aware of the described issue.

Synthetic CHK

Maybe you are interested:

Maybe you are interested:

#SushiSwap #denies #reports #billion #dollar #bug

Leave a Reply

Your email address will not be published. Required fields are marked *